Posted to dev@geronimo.apache.org by "Donald Woods (JIRA)" <ji...@apache.org> on 2008/12/17 21:00:49 UTC
[jira] Assigned: (GERONIMO-4451) locking and unlocking for availability of a keystore results in duplicate attributes in config.xml
[ https://issues.apache.org/jira/browse/GERONIMO-4451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Donald Woods reassigned GERONIMO-4451:
--------------------------------------
Assignee: Donald Woods
> locking and unlocking for availability of a keystore results in duplicate attributes in config.xml
> --------------------------------------------------------------------------------------------------
>
> Key: GERONIMO-4451
> URL: https://issues.apache.org/jira/browse/GERONIMO-4451
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: console, security
> Affects Versions: 2.1.3
> Environment: Ubuntu Linux 8.10, Sun Java 1.6, Geronimo 2.1.3 w/ Jetty.
> Reporter: Christian Svensson
> Assignee: Donald Woods
> Fix For: 2.1.4, 2.2
>
>
> Transcribing mail conversation:
> Hello!
> I've been trying for the better part of today getting keystores to automatically unlock on startup - with very limited success.
> Is there something that I should know about keystore password / key password? Digging around some old mailing list threads said something about key password must be equal to keystore password - any more of those gotchas?
> The problem is that I create (or change password on geronimo-default for that matter) a new keystore, assign SSL to use the certificate and restart the server:
> org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore 'plasma-ssl' is locked; please use the keystore page in the admin console to unlock it
> at org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLContext(FileKeystoreManager.java:343)
> at org.apache.geronimo.jetty6.connector.GeronimoSelectChannelSSLListener.createSSLContext(GeronimoSelectChannelSSLListener.java:54)
> Resetting the SSL connector to using geronimo-default / geronimo with secret / secret as passwords makes it work again - but why on earth doesn't Geronimo unlock my keystores on startup? I mean, it saves the password (or something like it) in config.xml.
> -----
> This is how I created my setup:
> 1. Create a new keystore 'plasma-ssl'
> 2. Create a new private key 'wildcard'
> 3. Now the text on "Available" says "trust only" or something like that, I lock it and then unlock it in order for it to change to "1 key ready"
> 4. Then I configure my HTTPS connector to use the new keystore
> 5. Since the web server does not seem to do anything when I press "Shutdown" in the console, I use Ctrl+C to kill it.
> 6. Start the server again
> 7. Message appears.
> ---
> Hmm... the 3rd step is indeed unearthing a bug. At that step, a second "attribute" element is getting added (instead of replacing the existing element) to the keystore gbean for keystorePassword and keyPasswords attributes in config.xml. Can you create an issue in the JIRA [1]? The problem summary is, "locking and unlocking for availability of a keystore results in duplicate attributes in config.xml".
--
This message is automatically generated by JIRA.
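The duplicate-attribute condition described in the issue can be checked for in a config.xml before the server is restarted. This is an added example, not code from the Geronimo project or from the reporter; the sample XML, the module and gbean names, and the values in it are constructed, and the module/gbean/attribute nesting is an assumption based on the issue text.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample (assumed layout): the 'plasma-ssl' gbean carries two
# keystorePassword and two keyPasswords elements, as the issue describes
# after a lock/unlock cycle. Names and values are placeholders.
SAMPLE_CONFIG = """\
<attributes>
  <module name="example/module/1.0/car">
    <gbean name="example:name=plasma-ssl">
      <attribute name="keystorePassword">constructed-1</attribute>
      <attribute name="keyPasswords">wildcard=constructed-1</attribute>
      <attribute name="keystorePassword">constructed-2</attribute>
      <attribute name="keyPasswords">wildcard=constructed-2</attribute>
    </gbean>
    <gbean name="example:name=geronimo-default">
      <attribute name="keystorePassword">constructed-3</attribute>
    </gbean>
  </module>
</attributes>
"""


def local(tag):
    """Strip an XML namespace prefix such as '{uri}gbean' down to 'gbean'."""
    return tag.rsplit("}", 1)[-1]


def find_duplicate_attributes(xml_text):
    """Return (gbean_name, attribute_name, count) for each attribute name
    that occurs more than once inside a single gbean element."""
    root = ET.fromstring(xml_text)
    findings = []
    for gbean in root.iter():
        if local(gbean.tag) != "gbean":
            continue
        counts = Counter(
            child.get("name") for child in gbean
            if local(child.tag) == "attribute"
        )
        for name, n in counts.items():
            if n > 1:
                findings.append((gbean.get("name"), name, n))
    return findings


if __name__ == "__main__":
    # Only names and counts are reported; stored password values are never printed.
    for gbean, attr, n in find_duplicate_attributes(SAMPLE_CONFIG):
        print(f"{gbean}: attribute '{attr}' appears {n} times")
```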